Re: [Patch] Add sanity checking to htpassd (Was Re: [Patch] DeTabbify htpasswd.c)

Thu, 16 May 2002 12:43:16 -0700 

+1 here, I'm only confused by why you needed the extra strcpy(tmp, line);
which doesn't seem to be necessary.

At 02:49 PM 5/16/2002, you wrote:
>Ok, so now a new sanity check, hopefully sans tabs.
>-Thom
>--
>Thom May -> [EMAIL PROTECTED]
>
>Buffy: We have a marching jazz band?
>Oz: Yeah, but, you know, since the best jazz is improvisational, we'd be
>going off in all directions, banging into floats... scary.
>
>
>--- htpasswd.c.orig     Thu May 16 20:45:41 2002
>+++ htpasswd.c  Thu May 16 20:44:51 2002
>@@ -77,6 +77,7 @@
>   *  5: Failure; buffer would overflow (username, filename, or computed
>   *     record too long)
>   *  6: Failure; username contains illegal or reserved characters
>+ *  7: Failure: file is not a valid htpasswd file
>   */
>
>  #include "apr.h"
>@@ -133,6 +134,7 @@
>  #define ERR_INTERRUPTED 4
>  #define ERR_OVERFLOW 5
>  #define ERR_BADUSER 6
>+#define ERR_INVALID 7
>
>  /*
>   * This needs to be declared statically so the signal handler can
>@@ -582,6 +584,41 @@
>              perror("fopen");
>              exit(ERR_FILEPERM);
>          }
>+        /*
>+         * Now we need to confirm that this is a valid htpasswd file
>+         */
>+        if (! newfile){
>+            char tmp[MAX_STRING_LEN];
>+
>+            fpw = fopen(pwfilename, "r");
>+            while (! (get_line(line, sizeof(line), fpw))) {
>+                    char *testcolon;
>+
>+                    if ((line[0] == '#') || (line[0] == '\0')) {
>+                            continue;
>+                    }
>+                    strcpy(tmp, line);
>+                    testcolon = strchr(tmp, ':');
>+                    if (testcolon != NULL){
>+                            /*
>+                             * We got a valid line. keep going
>+                             */
>+                            continue;
>+                    }
>+                    else {
>+                            /*
>+                             * no colon in the line, and it's not a comment
>+                             * Time to bail out before we do damage.
>+                             */
>+                            fprintf(stderr, "%s: The file %s does not 
>appear "
>+                                            "to be a valid htpasswd file.\n",
>+                                            argv[0], pwfilename);
>+                            fclose(fpw);
>+                            exit(ERR_INVALID);
>+                    }
>+            }
>+            fclose(fpw);
>+        }
>      }
>
>      /*
>@@ -678,7 +715,7 @@
>      /*
>       * The temporary file now contains the information that should be
>       * in the actual password file.  Close the open files, re-open them
>-     * in the appropriate mode, and copy them file to the real one.
>+     * in the appropriate mode, and copy the temp file to the real one.
>       */
>      fclose(ftemp);
>      fpw = fopen(pwfilename, "w+");

Reply via email to